7 Replies Latest reply: Oct 12, 2011 5:33 AM by SteveS RSS

    Remote login

    871234
      Hi experts,

      Iam unable to connect my server through putty,telnet or vnc , i've modified /etc/ssh/sshd_conf to rootpermitlogin to yes and the telnet service is online xvnc-inetd service is online and ssh service online, commented /etc/default/login console=dev console, what could be the problem pls assest me.

      Thanks,
      Kishore.
        • 1. Re: Remote login
          SteveS
          Q) What message is returned when you try to ssh to the system?
          Q) What message is returned when you try to telnet to the system?
          Q) Can you ping and traceroute from your desktop to the server in question?
          Q) When using ssh or telnet have you tried using the hostname and ip address? If using the IP address works but using the hostname doesn't, then it's a nameservice issue.
          Q) Can you login locally ie: "telnet 0" or "ssh 0"? If Yes, then this pushes the issue to an external factor such as a firewall or nameservice issue.

          HTH
          Steve
          • 2. Re: Remote login
            871234
            Hi Steve,

            Thanks for your reply i am able to login locally telnet 0, how to resolve this firewall issue please help me.

            Thanks,
            kk.
            • 3. Re: Remote login
              SteveS
              Thanks for your reply i am able to login locally telnet 0, how to resolve this firewall issue please help me.
              Do you know if there is a firewall between you and the system? If there is, then you'll need to speak to your network team and ask them to add a new rule to allow you access.

              If you can answer my previous questions it will help confirm if you do or do not have a firewall/network issue.

              Regards,
              Steve
              • 4. Re: Remote login
                871234
                Q) What message is returned when you try to ssh to the system?
                A) while iam connecting through putty from my desktop, Network error connection timed out.
                Q) What message is returned when you try to telnet to the system?
                A) while i am trying to connect through telnet from my desktop cmd prompt, Could not open connection to the host on port 23:connect failed
                Q) Can you ping and traceroute from your desktop to the server in question?
                A)i am successfully pinging but i dont know traceroute
                Q) When using ssh or telnet have you tried using the hostname and ip address? If using the IP address works but using the hostname doesn't, then it's a nameservice issue.
                A) I am using Ip only
                Q) Can you login locally ie: "telnet 0" or "ssh 0"? If Yes, then this pushes the issue to an external factor such as a firewall or nameservice issue.
                A) yes i can login locally with telnet 0

                and i have checked with #ipf -D whether the firewall is enabled but there are no firewalls enabled
                #svcs svc:/network/ipfilter:default
                disabled

                Please resolve this issue.

                Thanks,
                KK.
                • 5. Re: Remote login
                  SteveS
                  From the messages it suggests something is blocking your connection. You need to extend your troubleshooting.

                  Q) Can you telnet/ssh to the Solaris host from any other system on the network. Start by trying to telnet/ssh from another host on the same subnet. If that works you know it's a network/firewall issue between you and the target system(s) and it'll be over to your network team to investigate and allow you access.

                  Q) Can you telnet/ssh to any other Solaris hosts on the same subnet? This will verify that you can reach the subnet. If NO, then the issue is most likely a firewall.

                  Q) Can you telnet/ssh to any other hosts on a different subnet? This will test to see if the issue is more local to your desktop.
                  • 6. Re: Remote login
                    871234
                    Q) Can you telnet/ssh to the Solaris host from any other system on the network. Start by trying to telnet/ssh from another host on the same subnet. If that works you know it's a network/firewall issue between you and the target system(s) and it'll be over to your network team to investigate and allow you access.

                    A)No, I am unable to telnet/ssh from any other host in the network in same subnet but pinging both sides.

                    Q) Can you telnet/ssh to any other Solaris hosts on the same subnet? This will verify that you can reach the subnet. If NO, then the issue is most likely a firewall.

                    A) telnet/ssh from my solaris system to other solaris system in the same subnet, telnet:unable to connect to remote host: connection timed out.

                    Q) Can you telnet/ssh to any other hosts on a different subnet? This will test to see if the issue is more local to your desktop.

                    A) same error
                    • 7. Re: Remote login
                      SteveS
                      The next step is to snoop the network and prove or disprove that the telnet/ssh connections are reaching the target system. Let's call HostA the source host and HostB the target host.

                      HostA> snoop -d device -o /var/tmp/snoop.HostA.out HostA_ip_address HostB_ip_address
                      HostB> snoop -d device -o /var/tmp/snoop.HostA.out HostA_ip_address HostB_ip_address

                      For example if the systems were using nxge interfaces and had the ip addresses of 192.168.10.100, and 192.168.10.101 respectively, then you'd use:

                      HostA> snoop -d nxge0 -o /var/tmp/snoop.HostA.out 192.168.10.100 192.168.10.101
                      HostB> snoop -d nxge0 -o /var/tmp/snoop.HostB.out 192.168.10.100 192.168.10.101

                      Then you can review the snoops and see whether the connection request makes it from HostA to HostB. Hint: use 'snoop -i /var/tmp/snoop.*.out [-v|-V] | less'

                      Have you enabled ipfilters on the target Solaris host at all? To check run "svcs ipfilter". If the service is enabled, then YES you have. If it is disabled, then NO you haven't.

                      Regards,
                      Steve